rsigma-eval 0.7.0

Evaluator for Sigma detection and correlation rules — match rules against events
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119

# THIS FILE IS AUTOMATICALLY GENERATED BY CARGO
#
# When uploading crates to the registry Cargo will automatically
# "normalize" Cargo.toml files for maximal compatibility
# with all versions of Cargo and also rewrite `path` dependencies
# to registry (e.g., crates.io) dependencies.
#
# If you are reading this file be aware that the original Cargo.toml
# will likely look very different (and much more reasonable).
# See Cargo.toml.orig for the original contents.

[package]
edition = "2024"
rust-version = "1.88.0"
name = "rsigma-eval"
version = "0.7.0"
build = false
autolib = false
autobins = false
autoexamples = false
autotests = false
autobenches = false
description = "Evaluator for Sigma detection and correlation rules — match rules against events"
homepage = "https://github.com/timescale/rsigma"
readme = "README.md"
license = "MIT"
repository = "https://github.com/timescale/rsigma"

[features]
parallel = ["rayon"]

[lib]
name = "rsigma_eval"
path = "src/lib.rs"

[[test]]
name = "correlation_edge"
path = "tests/correlation_edge.rs"

[[test]]
name = "error_paths"
path = "tests/error_paths.rs"

[[test]]
name = "integration"
path = "tests/integration.rs"

[[test]]
name = "pipeline_errors"
path = "tests/pipeline_errors.rs"

[[test]]
name = "state_snapshot"
path = "tests/state_snapshot.rs"

[[bench]]
name = "correlation"
path = "benches/correlation.rs"
harness = false

[[bench]]
name = "datagen"
path = "benches/datagen.rs"

[[bench]]
name = "eval"
path = "benches/eval.rs"
harness = false

[dependencies.base64]
version = "0.22"

[dependencies.chrono]
version = "0.4"
features = ["serde"]

[dependencies.flate2]
version = "1"

[dependencies.ipnet]
version = "2"

[dependencies.log]
version = "0.4"

[dependencies.rayon]
version = "1"
optional = true

[dependencies.regex]
version = "1"

[dependencies.rsigma-parser]
version = "0.7.0"

[dependencies.serde]
version = "1"
features = [
    "derive",
    "rc",
]

[dependencies.serde_json]
version = "1"

[dependencies.serde_yaml]
version = "0.9"

[dependencies.thiserror]
version = "2"

[dev-dependencies.criterion]
version = "0.5"

[dev-dependencies.proptest]
version = "1.10.0"

[dev-dependencies.rand]
version = "0.9"